In light of the recent Equifax breach, Gene Kim and speakers from the upcoming DevOps Enterprise Summit San Francisco (DOES17) dissected the situation and discussed the technical leadership lessons learned while offering their own expert advice for handling crisis situations. The following are more highlights from the discussion ...
According a recent IDC report, the average total cost of unplanned application downtime per year is between $1.25 billion to $2.5 billion, and the average hourly cost of an infrastructure failure is $100,000. What's more, a recent report by IHS about the cost of server, application and network downtime revealed that downtime is costing North American organizations $700 billion per year. We do everything we can to learn from these failures and improve our processes and tools along the way, but something many companies fail to address as a problem is often the most important: crisis communication.
Using DevOps principles when dealing with incidents and outages can help organizations avoid common pitfalls many companies encounter when a disruption in service inevitably occurs. Here are five DevOps practices that can keep a crisis from getting worse:
1. Practice empathy
Empathy is at the heart of the DevOps movement. Unfortunately, it is one of the hardest practices to implement. The middle of a crisis is a difficult time to start working on this, but by thinking about how others might respond to news of an outage before an incident occurs, you can build a solid communication foundation with empathy as a building block.
2. Organize your information
During a crisis, every passing second is critical. Having helpful information organized and readily available can make a huge difference in not only repairing system issues, but communicating clearly with those who need to be "in the know." Step-by-step instructions and checklists known as runbooks will go a long way in quickly triaging issues and making sure all important items are addressed and in the correct order.
3. Be transparent
DevOps is all about collaboration, which translates to real-time team communication. Communication is even more important during a crisis, but communication is only useful if it is completely transparent and provides accurate and up-to-date information. Event timelines and "persistent group chat" tools should be leveraged for teams to discuss their findings and efforts, but it is equally important for organizations to display operational transparency to their end users.
4. Conduct post-mortems
In complex system environments, the only way to fully and accurately understand the details and contributing factors to a disruption in service is to retroactively analyze what took place during the disruption. As soon as stakeholders can be assembled, a post-incident analysis should take place to document, discuss, and understand the sequence of events and actions.
4. Learn from others
Outages happen all the time. The best and most respected companies realize that any attempt to hide or deny information about an issue can quickly become a blemish on the company's brand. The good news is that there is no need to reinvent the wheel. Instead, check out how other companies in similar industries deal with these same issues. For instance, customer-facing post-mortems are made public in a reasonably short amount of time to provide more transparency. Pick up best practices on how to address the problem from those who've done so successfully.
By keeping these tips in mind during your next crisis, not only can internal teams repair problems more quickly, but end users can be made aware of the situation in a timely manner that reinforces your position that satisfying the customer is priority number one. This demonstrates that you understand how much customers rely on and consider the availability of your service to be one of the core features you offer.
Jason Hand is a DevOps Evangelist at VictorOps.